SaphioneInstallerx64[.]rar

Resubmissions

21/10/2023, 12:31

231021-pp3mpsef5z 7

21/10/2023, 12:26

231021-pmkn4sef31 7

21/10/2023, 12:20

231021-ph7cbaga94 7

Sharing

Copy URL Twitter E-mail

General

Target

SaphioneInstallerx64.rar
Size

86.9MB
MD5

7c7af9de9580319588c4573e5c3a768e
SHA1

f7b5e59bc87c9afd521e9358834a196babb54fc3
SHA256

0803d23696504cf7f055ac598d1b5e251f2be08e0dccd9a0a3c7bbb40f9819a8
SHA512

81a6bd4fcd1ed0c051abc876312e88c171c462ea4fa87a5c5df5f267f928b8f0389fe3886d1217ac3917c1a7d3047333b68e53958517456a011d5cb4337d58ac
SSDEEP

1572864:nWIw3pig9/3MvWvvlnPK4/4rzOchPE5XVeAKRp0pmB4lqPtOARbcVqsm+PyfPU7X:WI0pR30Wvxhkqcd4DSpQmOlqPtOAuVqc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SaphioneInstallerx64.exe

Files

SaphioneInstallerx64.rar
.rar
SaphioneInstallerx64.exe
.exe windows:4 windows x86

b34f154ec913d2d2c435cbd644e91687

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
SetCurrentDirectoryW
GetFileAttributesW
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
GetVersion
SetErrorMode
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
ExitProcess
GetShortPathNameW
CreateThread
GetLastError
CreateDirectoryW
CreateProcessW
RemoveDirectoryW
lstrcmpiA
CreateFileW
GetTempFileNameW
WriteFile
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
lstrcmpiW
MoveFileW
GetFullPathNameW
SetFileTime
SearchPathW
CompareFileTime
lstrcmpW
CloseHandle
ExpandEnvironmentStringsW
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
FindFirstFileW
FindNextFileW
DeleteFileW
SetFilePointer
ReadFile
FindClose
lstrlenA
MulDiv
MultiByteToWideChar
WideCharToMultiByte
GetPrivateProfileStringW
WritePrivateProfileStringW
FreeLibrary
LoadLibraryExW
GetModuleHandleW

user32

GetSystemMenu
SetClassLongW
EnableMenuItem
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongW
SetCursor
LoadCursorW
CheckDlgButton
GetMessagePos
LoadBitmapW
CallWindowProcW
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ScreenToClient
GetWindowRect
GetDlgItem
GetSystemMetrics
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharPrevW
CharNextA
wsprintfA
DispatchMessageW
PeekMessageW
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
GetDC
SetTimer
SetWindowTextW
LoadImageW
SetForegroundWindow
ShowWindow
IsWindow
SetWindowLongW
FindWindowExW
TrackPopupMenu
AppendMenuW
CreatePopupMenu
EndPaint
CreateDialogParamW
SendMessageTimeoutW
wsprintfW
PostQuitMessage

gdi32

SelectObject
SetBkMode
CreateFontIndirectW
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHFileOperationW

advapi32

AdjustTokenPrivileges
RegCreateKeyExW
RegOpenKeyExW
SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
RegEnumValueW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegEnumKeyW

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 451KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 576KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bin/code
.sh .vbs linux
bin/code.cmd
locales/af.pak
locales/am.pak
locales/ar.pak
locales/bg.pak
locales/bn.pak
locales/ca.pak
locales/cs.pak
locales/da.pak
locales/de.pak
locales/el.pak
locales/en-GB.pak
locales/en-US.pak
locales/es-419.pak
locales/es.pak
locales/et.pak
locales/fa.pak
locales/fi.pak
locales/fil.pak
locales/fr.pak
locales/gu.pak
.ps1
locales/he.pak
locales/hi.pak
locales/hr.pak
locales/hu.pak
locales/id.pak
locales/it.pak
locales/ja.pak
locales/kn.pak
locales/ko.pak
locales/lt.pak
locales/lv.pak
locales/ml.pak
locales/mr.pak
locales/ms.pak
locales/nb.pak
locales/nl.pak
locales/pl.pak
locales/pt-BR.pak
locales/pt-PT.pak
locales/ro.pak
locales/ru.pak
locales/sk.pak
locales/sl.pak
locales/sr.pak
locales/sv.pak
locales/sw.pak
locales/ta.pak
locales/te.pak
locales/th.pak
locales/tr.pak
locales/uk.pak
locales/ur.pak
locales/vi.pak
locales/zh-CN.pak
locales/zh-TW.pak
old_status/installation_status.json.1696257582
policies/VSCode.admx
.xml
policies/cs-cz/VSCode.adml
.xml
policies/de-de/VSCode.adml
.xml
policies/en-us/VSCode.adml
.xml
policies/es-es/VSCode.adml
.xml
policies/fr-fr/VSCode.adml
.xml
policies/it-it/VSCode.adml
.xml
policies/ja-jp/VSCode.adml
.xml
policies/ko-kr/VSCode.adml
.xml
policies/pl-pl/VSCode.adml
.xml
policies/pt-br/VSCode.adml
.xml
policies/ru-ru/VSCode.adml
.xml
policies/tr-tr/VSCode.adml
.xml
policies/zh-cn/VSCode.adml
.xml
policies/zh-tw/VSCode.adml
.xml
resources/app/ThirdPartyNotices.txt
resources/app/node_modules.asar
resources/app/node_modules.asar.unpacked/@parcel/watcher/build/Release/watcher.node
.dll windows:6 windows x64

5d042a8a3e480c6a0484f3dd812cc6f8

Code Sign

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/03/2023, 18:43

Not After

14/03/2024, 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

55:59:64:57:fb:5c:1c:5f:b4:fb:50:36:02:de:ed:10:f9:92:62:8e:ca:86:f7:5f:22:0f:8a:31:e0:46:0c:9c
Signer

Actual PE Digest

55:59:64:57:fb:5c:1c:5f:b4:fb:50:36:02:de:ed:10:f9:92:62:8e:ca:86:f7:5f:22:0f:8a:31:e0:46:0c:9c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
CancelIo
CloseHandle
ReadFile
WaitNamedPipeA
WriteFile
GetLastError
CreateFileA
GetOverlappedResult
CreateEventA
FindFirstFileA
FindNextFileA
FindClose
CreateFileW
GetFileAttributesW
GetFileInformationByHandle
GetFileAttributesExW
QueueUserAPC
ReadDirectoryChangesW
SleepEx
GetLongPathNameW
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryExA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
QueryPerformanceFrequency
GetExitCodeThread
LCMapStringEx
EncodePointer
DecodePointer
CompareStringEx
GetCPInfo
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetStringTypeW
RtlUnwindEx
InterlockedFlushSList
RtlPcToFileHeader
RaiseException
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
DuplicateHandle
CreateProcessW
ExitProcess
GetModuleFileNameW
HeapReAlloc
HeapFree
HeapAlloc
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetFileType
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
WaitForSingleObject
GetExitCodeProcess
CreatePipe
ReadConsoleW
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
HeapSize
WriteConsoleW
SetEndOfFile
GetSystemInfo
VirtualProtect
VirtualQuery
RtlUnwind

Sections

.text
Size: 388KB - Virtual size: 388KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
resources/app/node_modules.asar.unpacked/@vscode/policy-watcher/build/Release/vscode-policy-watcher.node
.dll windows:6 windows x64

f60f3617329222ba678fde8c79d6fb13

Code Sign

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/03/2023, 18:43

Not After

14/03/2024, 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:73:f4:fa:aa:a9:b1:ba:f0:74:d5:1e:8b:d3:e1:f4:59:a5:af:5c:95:55:93:93:aa:74:fa:89:7b:8c:b2:12
Signer

Actual PE Digest

8c:73:f4:fa:aa:a9:b1:ba:f0:74:d5:1e:8b:d3:e1:f4:59:a5:af:5c:95:55:93:93:aa:74:fa:89:7b:8c:b2:12

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryExA
SetEvent
WaitForMultipleObjects
CreateEventA
CloseHandle
GetModuleHandleA
VirtualQuery
VirtualProtect
GetSystemInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
WriteConsoleW

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

userenv

UnregisterGPNotification
RegisterGPNotification

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
resources/app/node_modules.asar.unpacked/@vscode/ripgrep/bin/rg.exe
.exe windows:6 windows x64

d511fbbbc6bcb67324eecc291721cb06

Code Sign

33:00:00:03:4d:4e:91:a6:1a:28:b0:78:8f:00:00:00:00:03:4d
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/03/2023, 18:43

Not After

14/03/2024, 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1b:9c:21:f1:61:d1:ac:d5:53:92:fe:f0:3f:f8:dd:9c:1b:61:b1:1e:5d:22:d9:a4:20:3b:20:19:3c:0e:b8:64
Signer

Actual PE Digest

1b:9c:21:f1:61:d1:ac:d5:53:92:fe:f0:3f:f8:dd:9c:1b:61:b1:1e:5d:22:d9:a4:20:3b:20:19:3c:0e:b8:64

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

SystemFunction036
OpenProcessToken

kernel32

CloseHandle
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetSystemInfo
CreateFileMappingW
MapViewOfFile
VirtualProtect
UnmapViewOfFile
ReleaseMutex
WaitForSingleObject
CreateMutexA
VirtualAlloc
VirtualFree
GetFileType
GetLastError
GetStdHandle
GetConsoleMode
GetFileInformationByHandleEx
ReleaseSRWLockShared
GetFileInformationByHandle
SleepConditionVariableSRW
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
SetConsoleMode
TryAcquireSRWLockExclusive
FreeEnvironmentStringsW
FindClose
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
Sleep
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
GetProcAddress
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCommandLineW
FlushFileBuffers
DuplicateHandle
SetFilePointerEx
GetCurrentProcessId
WriteFileEx
SleepEx
ReadFileEx
GetExitCodeProcess
TerminateProcess
WakeAllConditionVariable
QueryPerformanceCounter
QueryPerformanceFrequency
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
AcquireSRWLockShared
WaitForSingleObjectEx
LoadLibraryA
GetModuleHandleA
FindNextFileW
CreateFileW
FindFirstFileW
GetFinalPathNameByHandleW
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
ExitProcess
GetFullPathNameW
CreateNamedPipeW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
MultiByteToWideChar
WriteConsoleW
WideCharToMultiByte
ReadConsoleW
CreateThread
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
GetConsoleOutputCP
HeapSize
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetStringTypeW
SetStdHandle
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetCommandLineA
GetModuleHandleExW
WriteFile
LoadLibraryExW
FreeLibrary
TlsFree
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
RtlPcToFileHeader
RaiseException

userenv

GetUserProfileDirectoryW

bcrypt

BCryptGenRandom

ntdll

RtlNtStatusToDosError
NtReadFile
NtWriteFile

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
resources/app/node_modules.asar.unpacked/@vscode/spdlog/build/Release/spdlog.node
.dll windows:6 windows x64

e6e1b97bb640d6b56386dd7c82009b6e

Code Sign

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/03/2023, 18:43

Not After

14/03/2024, 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a1:48:92:fd:2a:35:3e:1a:27:eb:dd:47:b3:12:07:87:7a:94:b8:aa:5b:b0:33:db:76:e9:8f:16:54:7d:3e:29
Signer

Actual PE Digest

a1:48:92:fd:2a:35:3e:1a:27:eb:dd:47:b3:12:07:87:7a:94:b8:aa:5b:b0:33:db:76:e9:8f:16:54:7d:3e:29

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetStdHandle
WriteConsoleA
WriteFile
GetDynamicTimeZoneInformation
GetFileAttributesW
GetCurrentThreadId
MultiByteToWideChar
Sleep
GetConsoleMode
GetLastError
GetCurrentProcessId
WideCharToMultiByte
LoadLibraryExA
CloseHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
QueryPerformanceFrequency
GetExitCodeThread
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
EncodePointer
DecodePointer
GetStringTypeW
GetCPInfo
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
CreateDirectoryW
SetStdHandle
GetFileType
DeleteFileW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
MoveFileExW
GetModuleFileNameW
WriteConsoleW
ExitProcess
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
FlushFileBuffers
GetConsoleOutputCP
GetFileSizeEx
SetFilePointerEx
OutputDebugStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
HeapReAlloc
CreateFileW
ReadFile
ReadConsoleW
HeapSize
SetEndOfFile
GetSystemInfo
VirtualProtect
VirtualQuery

Sections

.text
Size: 400KB - Virtual size: 400KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
resources/app/node_modules.asar.unpacked/@vscode/sqlite3/build/Release/vscode-sqlite3.node
.dll windows:6 windows x64

ab0f667a4fb0a9407a9843a07c7e1abb

Code Sign

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/03/2023, 18:43

Not After

14/03/2024, 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3b:24:4b:67:63:b3:74:7a:91:2e:c4:de:c4:1d:f6:3c:68:ce:50:1a:f0:d3:2e:ee:c9:2f:96:96:24:a5:ea:92
Signer

Actual PE Digest

3b:24:4b:67:63:b3:74:7a:91:2e:c4:de:c4:1d:f6:3c:68:ce:50:1a:f0:d3:2e:ee:c9:2f:96:96:24:a5:ea:92

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
LoadLibraryExA
AreFileApisANSI
ReadFile
TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
CreateFileW
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
MultiByteToWideChar
Sleep
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetLastError
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
CloseHandle
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
GetProcAddress
LocalFree
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetTimeZoneInformation
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetStdHandle
GetFileType
GetStringTypeW
SetStdHandle
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
VirtualProtect
VirtualQuery

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 230KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
resources/app/node_modules.asar.unpacked/@vscode/windows-ca-certs/build/Release/crypt32.node
.dll windows:6 windows x64

bc533d262fdfaf204049ab3f40e72755

Code Sign

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/03/2023, 18:43

Not After

14/03/2024, 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6b:85:44:f0:63:78:cf:4e:44:d1:5d:24:ed:0a:54:19:34:44:49:ce:ae:8a:11:7f:73:ad:0a:a2:35:c5:1b:28
Signer

Actual PE Digest

6b:85:44:f0:63:78:cf:4e:44:d1:5d:24:ed:0a:54:19:34:44:49:ce:ae:8a:11:7f:73:ad:0a:a2:35:c5:1b:28

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryExA
GetModuleHandleA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW
GetSystemInfo
VirtualProtect
VirtualQuery

crypt32

CertCloseStore
CertOpenSystemStoreA
CertEnumCertificatesInStore

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
resources/app/node_modules.asar.unpacked/@vscode/windows-mutex/build/Release/CreateMutex.node
.dll windows:6 windows x64

709a7746260610a4299a1ee57d2c014b

Code Sign

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/03/2023, 18:43

Not After

14/03/2024, 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b9:d9:17:05:c2:53:89:a6:7b:0a:80:9c:ed:67:8f:42:af:83:a1:86:6f:de:c4:53:7f:d0:04:38:27:3a:1c:c2
Signer

Actual PE Digest

b9:d9:17:05:c2:53:89:a6:7b:0a:80:9c:ed:67:8f:42:af:83:a1:86:6f:de:c4:53:7f:d0:04:38:27:3a:1c:c2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
CreateMutexA
OpenMutexA
CloseHandle
LoadLibraryExA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
GetStdHandle
GetFileType
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
ExitProcess
HeapFree
WriteFile
OutputDebugStringW
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetProcessHeap
GetStringTypeW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
HeapSize
HeapReAlloc
SetStdHandle
GetFileSizeEx
SetFilePointerEx
CreateFileW
GetSystemInfo
VirtualProtect
VirtualQuery

Sections

.text
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
resources/app/node_modules.asar.unpacked/@vscode/windows-process-tree/build/Release/windows_process_tree.node
.dll windows:6 windows x64

b0364842617ca8367c6bf1081ac14f70

Code Sign

33:00:00:03:4d:4e:91:a6:1a:28:b0:78:8f:00:00:00:00:03:4d
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/03/2023, 18:43

Not After

14/03/2024, 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

20:3e:41:4a:9c:df:53:51:bc:1f:10:86:76:89:ef:d6:b4:6f:30:13:c2:5d:ab:0a:ec:89:02:fc:87:e8:5b:2d
Signer

Actual PE Digest

20:3e:41:4a:9c:df:53:51:bc:1f:10:86:76:89:ef:d6:b4:6f:30:13:c2:5d:ab:0a:ec:89:02:fc:87:e8:5b:2d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
Sleep
Process32First
GetSystemTimes
OpenProcess
CreateToolhelp32Snapshot
Process32Next
CloseHandle
GetProcessTimes
HeapFree
HeapAlloc
GetProcAddress
ReadProcessMemory
GetProcessHeap
WideCharToMultiByte
LoadLibraryExA
VirtualQuery
VirtualProtect
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
WriteConsoleW
GetSystemInfo

psapi

GetProcessMemoryInfo

Exports

Exports

node_register_module_v110

Sections

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
resources/app/node_modules.asar.unpacked/@vscode/windows-registry/build/Release/winregistry.node
.dll windows:6 windows x64

c1a8886d8595d6cc44d731e29265c0fe

Code Sign

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/03/2023, 18:43

Not After

14/03/2024, 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c0:e1:36:80:b8:e9:51:e4:77:16:4e:2b:e2:04:92:7c:2c:54:12:58:6c:cc:3c:ca:21:63:6e:ac:90:26:c1:3b
Signer

Actual PE Digest

c0:e1:36:80:b8:e9:51:e4:77:16:4e:2b:e2:04:92:7c:2c:54:12:58:6c:cc:3c:ca:21:63:6e:ac:90:26:c1:3b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryExA
GetModuleHandleA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW
GetSystemInfo
VirtualProtect
VirtualQuery

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
resources/app/node_modules.asar.unpacked/kerberos/build/Release/kerberos.node
.dll windows:6 windows x64

c30c572ea74141ea80be2a7bfb05e94a

Code Sign

33:00:00:03:4d:4e:91:a6:1a:28:b0:78:8f:00:00:00:00:03:4d
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/03/2023, 18:43

Not After

14/03/2024, 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e5:21:51:6d:86:c4:49:75:c1:5e:b7:7f:39:d0:14:4d:23:ed:da:7e:0d:81:c9:15:90:34:06:c4:f7:ef:3c:7c
Signer

Actual PE Digest

e5:21:51:6d:86:c4:49:75:c1:5e:b7:7f:39:d0:14:4d:23:ed:da:7e:0d:81:c9:15:90:34:06:c4:f7:ef:3c:7c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryExA
FormatMessageA
WideCharToMultiByte
LocalFree
GetModuleHandleA
VirtualQuery
VirtualProtect
GetSystemInfo
WriteConsoleW
CloseHandle
CreateFileW
SetFilePointerEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode

crypt32

CryptBinaryToStringA
CryptStringToBinaryA

secur32

DecryptMessage
FreeCredentialsHandle
AcquireCredentialsHandleW
InitializeSecurityContextW
DeleteSecurityContext
EncryptMessage
QueryContextAttributesA
FreeContextBuffer
QueryContextAttributesW

Sections

.text
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
resources/app/node_modules.asar.unpacked/keytar/build/Release/keytar.node
.dll windows:6 windows x64

7b216fe5de24de216b68a8fd80c93703

Code Sign

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/03/2023, 18:43

Not After

14/03/2024, 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

eb:89:4a:5c:ed:c3:5b:87:7e:da:fe:77:9c:ca:8b:6a:a6:22:e2:c5:60:c2:d2:b4:27:ba:f6:c3:a9:8f:4c:31
Signer

Actual PE Digest

eb:89:4a:5c:ed:c3:5b:87:7e:da:fe:77:9c:ca:8b:6a:a6:22:e2:c5:60:c2:d2:b4:27:ba:f6:c3:a9:8f:4c:31

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

LocalFree
GetLastError
FormatMessageW
MultiByteToWideChar
LoadLibraryExA
WideCharToMultiByte
GetModuleHandleA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW
GetSystemInfo
VirtualProtect
VirtualQuery

advapi32

CredReadW
CredEnumerateW
CredFree
CredDeleteW
CredWriteW

Sections

.text
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
resources/app/node_modules.asar.unpacked/native-is-elevated/build/Release/iselevated.node
.dll windows:6 windows x64

9d8dd69cca2a82591ab6e69705bde7f8

Code Sign

33:00:00:03:4d:4e:91:a6:1a:28:b0:78:8f:00:00:00:00:03:4d
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/03/2023, 18:43

Not After

14/03/2024, 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cb:dc:55:63:a6:5a:dc:22:ba:83:8f:26:d8:42:ea:cd:0b:67:ee:68:75:da:e7:9d:cb:21:bf:5b:98:1b:0e:96
Signer

Actual PE Digest

cb:dc:55:63:a6:5a:dc:22:ba:83:8f:26:d8:42:ea:cd:0b:67:ee:68:75:da:e7:9d:cb:21:bf:5b:98:1b:0e:96

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryExA
GetModuleHandleA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW
GetSystemInfo
VirtualProtect
VirtualQuery

advapi32

AllocateAndInitializeSid
CheckTokenMembership
FreeSid

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
resources/app/node_modules.asar.unpacked/native-keymap/build/Release/keymapping.node
.dll windows:6 windows x64

7f2232b0b8b98f9cd67ca57139313c92

Code Sign

33:00:00:03:4d:4e:91:a6:1a:28:b0:78:8f:00:00:00:00:03:4d
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/03/2023, 18:43

Not After

14/03/2024, 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bb:54:e9:3b:10:a3:61:93:63:60:c4:46:b5:62:68:a2:40:25:c9:19:5c:d5:fd:3e:d1:d9:6b:c0:71:ef:3f:c3
Signer

Actual PE Digest

bb:54:e9:3b:10:a3:61:93:63:60:c4:46:b5:62:68:a2:40:25:c9:19:5c:d5:fd:3e:d1:d9:6b:c0:71:ef:3f:c3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemInfo
VirtualProtect
CreateFileW
VirtualQuery
LoadLibraryExA
WriteConsoleW
GetModuleHandleA
CloseHandle
HeapReAlloc
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStringTypeW
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetStdHandle
GetFileSizeEx
SetFilePointerEx
HeapSize

user32

ActivateKeyboardLayout
GetWindowThreadProcessId
MapVirtualKeyW
GetKeyboardLayoutNameA
GetKeyboardLayout
GetForegroundWindow
ToUnicode

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ole32

CoCreateInstance

Sections

.text
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
resources/app/node_modules.asar.unpacked/native-watchdog/build/Release/watchdog.node
.dll windows:6 windows x64

4737a320bbb67bac94163c39b2273b97

Code Sign

33:00:00:03:4d:4e:91:a6:1a:28:b0:78:8f:00:00:00:00:03:4d
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/03/2023, 18:43

Not After

14/03/2024, 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c5:14:84:a1:a1:a0:ac:f0:09:4e:02:7a:8f:a1:a0:ed:2f:2c:a3:46:37:db:8d:ca:15:c7:87:fe:a1:92:34:2a
Signer

Actual PE Digest

c5:14:84:a1:a1:a0:ac:f0:09:4e:02:7a:8f:a1:a0:ed:2f:2c:a3:46:37:db:8d:ca:15:c7:87:fe:a1:92:34:2a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
WaitForSingleObject
OpenProcess
Sleep
CloseHandle
LoadLibraryExA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
WriteConsoleW
GetSystemInfo
VirtualProtect
VirtualQuery

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
resources/app/node_modules.asar.unpacked/node-pty/build/Release/conpty.node
.dll windows:6 windows x64

eafc196bede03f032895f3500cf6bebc

Code Sign

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/03/2023, 18:43

Not After

14/03/2024, 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

42:7f:d0:11:52:48:61:0c:61:f5:0b:dc:74:7d:5e:71:06:ca:d3:d2:d3:a8:01:ca:26:b8:35:99:11:d3:d0:8f
Signer

Actual PE Digest

42:7f:d0:11:52:48:61:0c:61:f5:0b:dc:74:7d:5e:71:06:ca:d3:d2:d3:a8:01:ca:26:b8:35:99:11:d3:d0:8f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
SetConsoleCtrlHandler
RegisterWaitForSingleObject
UnregisterWait
CreateNamedPipeW
InitializeProcThreadAttributeList
DisconnectNamedPipe
GetLastError
UpdateProcThreadAttribute
CloseHandle
GetProcAddress
CreateProcessW
LoadLibraryExW
ConnectNamedPipe
GetExitCodeProcess
GetEnvironmentVariableW
GetFileAttributesW
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryExA
VirtualQuery
VirtualProtect
GetSystemInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetCPInfo
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetStdHandle
GetFileType
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
ExitProcess
HeapAlloc
HeapFree
WriteFile
OutputDebugStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetProcessHeap
HeapReAlloc
GetFileSizeEx
SetFilePointerEx
SetStdHandle
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
HeapSize
CreateFileW

shlwapi

PathIsRelativeW
PathCombineW

Sections

.text
Size: 199KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
resources/app/node_modules.asar.unpacked/node-pty/build/Release/conpty_console_list.node
.dll windows:6 windows x64

f9d97c250bda86b271ec4a688ab2be5f

Code Sign

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/03/2023, 18:43

Not After

14/03/2024, 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3f:b6:33:34:1e:79:e0:ff:00:49:dc:3d:5f:fa:e2:2c:28:d4:12:c3:28:05:06:cc:dd:e6:a7:31:74:21:8c:86
Signer

Actual PE Digest

3f:b6:33:34:1e:79:e0:ff:00:49:dc:3d:5f:fa:e2:2c:28:d4:12:c3:28:05:06:cc:dd:e6:a7:31:74:21:8c:86

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
AttachConsole
GetConsoleProcessList
FreeConsole
LoadLibraryExA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW
GetSystemInfo
VirtualProtect
VirtualQuery

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
resources/app/node_modules.asar.unpacked/node-pty/build/Release/pty.node
.dll windows:6 windows x64

9dc740fe883db03a8175fc97b466112d

Code Sign

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/03/2023, 18:43

Not After

14/03/2024, 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9c:a2:42:91:9d:e9:29:75:04:46:d9:e9:06:be:fd:cb:49:42:7e:df:fd:af:4e:f5:59:fd:5d:1a:f4:7a:a9:f2
Signer

Actual PE Digest

9c:a2:42:91:9d:e9:29:75:04:46:d9:e9:06:be:fd:cb:49:42:7e:df:fd:af:4e:f5:59:fd:5d:1a:f4:7a:a9:f2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcessId
OpenProcess
CloseHandle
SetEnvironmentVariableA
GetExitCodeProcess
GetEnvironmentVariableW
GetFileAttributesW
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryExA
VirtualQuery
VirtualProtect
GetSystemInfo
CreateFileW
HeapSize
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetStdHandle
SetFilePointerEx
GetFileSizeEx
HeapReAlloc
GetProcessHeap
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetCPInfo
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
GetFileType
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
ExitProcess
HeapAlloc
HeapFree
WriteFile
OutputDebugStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetLocaleInfoW

shlwapi

PathIsRelativeW
PathCombineW

winpty

winpty_agent_process
winpty_get_console_process_list
winpty_error_msg
winpty_error_free
winpty_config_free
winpty_free
winpty_spawn_config_free
winpty_config_new
winpty_spawn
winpty_config_set_initial_size
winpty_conin_name
winpty_spawn_config_new
winpty_open
winpty_conout_name
winpty_set_size

Sections

.text
Size: 198KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
resources/app/node_modules.asar.unpacked/node-pty/build/Release/winpty-agent.exe
.exe windows:6 windows x64

1cb5f69ff93f0e4663547de45cd126fb

Code Sign

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/03/2023, 18:43

Not After

14/03/2024, 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a3:4d:f5:fb:58:2c:98:ae:02:2f:4d:6d:04:86:41:a0:b5:e0:e4:21:31:77:d7:82:9f:76:eb:c1:d4:65:06:5e
Signer

Actual PE Digest

a3:4d:f5:fb:58:2c:98:ae:02:2f:4d:6d:04:86:41:a0:b5:e0:e4:21:31:77:d7:82:9f:76:eb:c1:d4:65:06:5e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetConsoleCP
LoadLibraryW
GetProcAddress
FreeLibrary
SetConsoleMode
GetConsoleMode
GetTickCount
GenerateConsoleCtrlEvent
ReadConsoleInputW
WaitForMultipleObjects
Sleep
ReadFile
CancelIo
WriteFile
CreateNamedPipeW
CreateFileW
CreateEventW
ResetEvent
GetOverlappedResult
ConnectNamedPipe
GetConsoleCursorInfo
GetConsoleTitleW
GetConsoleWindow
SetConsoleTitleW
GetConsoleScreenBufferInfo
GetConsoleOutputCP
SetConsoleScreenBufferSize
SetConsoleWindowInfo
CreateConsoleScreenBuffer
FillConsoleOutputCharacterW
ReadConsoleOutputW
FillConsoleOutputAttribute
SetConsoleCursorPosition
WriteConsoleOutputW
GetCommandLineW
GetCurrentThreadId
GetModuleFileNameA
SetNamedPipeHandleState
SetLastError
GetEnvironmentVariableA
GetCurrentProcessId
TransactNamedPipe
GetSystemTimeAsFileTime
WaitNamedPipeW
WideCharToMultiByte
LocalAlloc
GetCurrentThread
LocalFree
GetVersionExW
GetSystemDirectoryW
WriteConsoleW
CreateProcessW
WriteConsoleInputW
CloseHandle
GetConsoleProcessList
GetLargestConsoleWindowSize
GetLastError
DuplicateHandle
WaitForSingleObject
GetStdHandle
GetCurrentProcess
SetConsoleCtrlHandler
SetConsoleTextAttribute
GetModuleHandleW
HeapReAlloc
HeapSize
GetProcessHeap
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
MultiByteToWideChar
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetCommandLineA
HeapFree
HeapAlloc
GetFileType
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
FlushFileBuffers
GetFileSizeEx
SetFilePointerEx
FindClose
FindFirstFileExW

advapi32

SetSecurityDescriptorDacl
AllocateAndInitializeSid
SetEntriesInAclW
OpenProcessToken
FreeSid
InitializeSecurityDescriptor
OpenThreadToken
GetTokenInformation
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext

shell32

CommandLineToArgvW

user32

CloseDesktop
CreateDesktopW
SetProcessWindowStation
PostMessageW
SendMessageW
CreateWindowStationW
MapVirtualKeyW
VkKeyScanW
GetDoubleClickTime
CloseWindowStation
GetUserObjectInformationW
GetProcessWindowStation

Sections

.text
Size: 194KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
resources/app/node_modules.asar.unpacked/node-pty/build/Release/winpty.dll
.dll windows:6 windows x64

d7472042adcbad8dc3267d828df2ba30

Code Sign

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/03/2023, 18:43

Not After

14/03/2024, 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

95:5e:07:36:49:15:1c:c0:66:d8:64:f7:d0:31:ef:4c:78:57:9c:cb:2e:a8:6e:48:90:e8:f2:ba:c4:43:0d:57
Signer

Actual PE Digest

95:5e:07:36:49:15:1c:c0:66:d8:64:f7:d0:31:ef:4c:78:57:9c:cb:2e:a8:6e:48:90:e8:f2:ba:c4:43:0d:57

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetEnvironmentVariableA
DuplicateHandle
CreateEventW
GetLastError
CloseHandle
GetOverlappedResult
DeleteCriticalSection
CreateProcessW
ConnectNamedPipe
GetCurrentThreadId
GetModuleFileNameA
SetNamedPipeHandleState
SetLastError
InitializeCriticalSection
GetCurrentProcessId
TransactNamedPipe
GetSystemTimeAsFileTime
WaitNamedPipeW
LoadLibraryW
GetProcAddress
FreeLibrary
WideCharToMultiByte
LocalAlloc
GetCurrentThread
LocalFree
GetVersionExW
GetSystemDirectoryW
LeaveCriticalSection
WaitForMultipleObjects
CreateNamedPipeW
WriteFile
GetCurrentProcess
EnterCriticalSection
CancelIo
ReadFile
GetFileAttributesW
GetModuleFileNameW
GetModuleHandleExW
CreateFileW
GetModuleHandleW
HeapReAlloc
HeapSize
SetStdHandle
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetStringTypeW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetStdHandle
GetFileType
WriteConsoleW
ExitProcess
OutputDebugStringW
HeapFree
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap

advapi32

SetSecurityDescriptorDacl
AllocateAndInitializeSid
SetEntriesInAclW
OpenProcessToken
FreeSid
InitializeSecurityDescriptor
OpenThreadToken
GetTokenInformation
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext

user32

CloseDesktop
CreateDesktopW
CloseWindowStation
GetUserObjectInformationW
GetProcessWindowStation
CreateWindowStationW
SetProcessWindowStation
GetThreadDesktop

Exports

Exports

winpty_agent_process
winpty_conerr_name
winpty_config_free
winpty_config_new
winpty_config_set_agent_timeout
winpty_config_set_initial_size
winpty_config_set_mouse_mode
winpty_conin_name
winpty_conout_name
winpty_error_code
winpty_error_free
winpty_error_msg
winpty_free
winpty_get_console_process_list
winpty_open
winpty_set_size
winpty_spawn
winpty_spawn_config_free
winpty_spawn_config_new

Sections

.text
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
resources/app/node_modules.asar.unpacked/node-pty/lib/shared/conout.js
resources/app/node_modules.asar.unpacked/node-pty/lib/worker/conoutSocketWorker.js
.js
resources/app/node_modules.asar.unpacked/node-vsce-sign/bin/vsce-sign.exe
.exe windows:6 windows x64

d09e433ff38868f50302a70b9d47c73b

Code Sign

33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cd
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/05/2022, 20:46

Not After

11/05/2023, 20:46

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/03/2023, 18:43

Not After

14/03/2024, 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d0:26:3c:0a:60:57:68:55:ef:68:38:70:6a:9c:8b:4a:b3:f9:24:e3:83:07:7b:24:58:88:21:9f:3e:e1:d3:9c
Signer

Actual PE Digest

d0:26:3c:0a:60:57:68:55:ef:68:38:70:6a:9c:8b:4a:b3:f9:24:e3:83:07:7b:24:58:88:21:9f:3e:e1:d3:9c

Digest Algorithm

sha256

PE Digest Matches

true

d0:26:3c:0a:60:57:68:55:ef:68:38:70:6a:9c:8b:4a:b3:f9:24:e3:83:07:7b:24:58:88:21:9f:3e:e1:d3:9c
Signer

Actual PE Digest

d0:26:3c:0a:60:57:68:55:ef:68:38:70:6a:9c:8b:4a:b3:f9:24:e3:83:07:7b:24:58:88:21:9f:3e:e1:d3:9c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegEnumKeyExW
OpenProcessToken
GetTokenInformation
OpenThreadToken
RevertToSelf
ImpersonateLoggedOnUser
EventWrite
EventRegister
EventEnabled
AdjustTokenPrivileges
LookupPrivilegeValueW

bcrypt

BCryptCreateHash
BCryptFinishHash
BCryptExportKey
BCryptOpenAlgorithmProvider
BCryptDestroyKey
BCryptGenRandom
BCryptHashData
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptGetProperty

crypt32

CertFreeCertificateChainEngine
CertCloseStore
PFXImportCertStore
PFXExportCertStore
CryptFindOIDInfo
CryptQueryObject
CryptMsgGetParam
CryptMsgClose
CryptImportPublicKeyInfoEx2
CryptFormatObject
CryptDecodeObject
CertVerifyCertificateChainPolicy
CertFreeCertificateContext
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CryptAcquireCertificatePrivateKey
CertAddCertificateContextToStore
CertAddCertificateLinkToStore
CertControlStore
CertCreateCertificateChainEngine
CertFindCertificateInStore
CertFindExtension
CertFreeCertificateChain
CertGetCertificateChain
CertGetIntendedKeyUsage
CertGetNameStringW
CertGetValidUsages
CertNameToStrW
CertOpenStore
CertSaveStore
CertSerializeCertificateStoreElement
CertSetCertificateContextProperty
CertStrToNameW
CertVerifyTimeValidity

iphlpapi

GetNetworkParams
if_nametoindex
GetPerAdapterInfo
GetAdaptersAddresses

kernel32

TlsAlloc
TlsGetValue
EncodePointer
TlsFree
RtlUnwind
RaiseException
RtlPcToFileHeader
TlsSetValue
RtlUnwindEx
SetLastError
FormatMessageW
GetLastError
LoadLibraryExW
QueryPerformanceCounter
CloseThreadpoolIo
MultiByteToWideChar
GetStdHandle
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
GetSystemTime
GetLocaleInfoEx
GetTickCount64
GetCurrentProcessorNumber
GetCurrentProcess
GetCurrentThread
WaitForSingleObject
Sleep
CreateThreadpoolWork
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
InitializeCriticalSection
InitializeConditionVariable
DeleteCriticalSection
LocalFree
EnterCriticalSection
SleepConditionVariableCS
LeaveCriticalSection
WakeConditionVariable
WaitForMultipleObjectsEx
QueryPerformanceFrequency
GetFullPathNameW
GetLongPathNameW
GetCPInfo
WideCharToMultiByte
LocalAlloc
GetConsoleOutputCP
GetProcAddress
RaiseFailFastException
CreateThreadpoolIo
StartThreadpoolIo
CancelThreadpoolIo
CancelIoEx
CreateFileW
DeleteFileW
DeviceIoControl
ExpandEnvironmentStringsW
FindClose
FindFirstFileExW
FlushFileBuffers
FreeLibrary
GetFileAttributesExW
GetFileInformationByHandleEx
GetFileType
GetOverlappedResult
OutputDebugStringW
QueryUnbiasedInterruptTime
ReadFile
SetFileInformationByHandle
SetThreadErrorMode
GetDynamicTimeZoneInformation
GetTimeZoneInformation
WriteFile
CloseHandle
SetEvent
ResetEvent
CreateEventExW
GetEnvironmentVariableW
CreateThread
ResumeThread
DuplicateHandle
GetThreadPriority
SetThreadPriority
GetCPInfoExW
GetConsoleMode
ReadConsoleW
WriteConsoleW
FlushProcessWriteBuffers
GetCurrentThreadId
WaitForSingleObjectEx
VirtualQuery
RtlCaptureContext
RtlRestoreContext
AddVectoredExceptionHandler
FlsAlloc
FlsGetValue
FlsSetValue
CreateEventW
TerminateProcess
SwitchToThread
SuspendThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualFree
QueryInformationJobObject
GetModuleHandleW
GetModuleHandleExW
GetProcessAffinityMask
InitializeContext
GetEnabledXStateFeatures
SetXStateFeaturesMask
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
DebugBreak
SleepEx
GlobalMemoryStatusEx
GetSystemInfo
GetTickCount
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetLargePageMinimum
VirtualUnlock
GetWriteWatch
ResetWriteWatch
VirtualAllocExNuma
IsProcessInJob
GetNumaHighestNodeNumber
GetProcessGroupAffinity
K32GetProcessMemoryInfo
IsDebuggerPresent
InitializeSListHead
GetCurrentProcessId
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
InitializeCriticalSectionAndSpinCount

ncrypt

NCryptFreeObject
NCryptGetProperty
NCryptVerifySignature
NCryptOpenKey
NCryptImportKey
NCryptExportKey
NCryptDeleteKey
NCryptCreatePersistedKey
NCryptFinalizeKey
NCryptOpenStorageProvider
NCryptSignHash
NCryptSetProperty

ole32

CoInitializeEx
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
CoGetApartmentType
CoCreateGuid
CoWaitForMultipleHandles

ws2_32

WSARecv
WSAGetOverlappedResult
WSAConnect
WSASend
WSAStartup
shutdown
setsockopt
send
select
recv
ioctlsocket
closesocket
GetNameInfoW
GetAddrInfoW
FreeAddrInfoW
WSASocketW
GetAddrInfoExW
bind
WSACleanup
FreeAddrInfoExW
WSAEventSelect
WSAIoctl
getsockopt

api-ms-win-crt-heap-l1-1-0

calloc
free
malloc
_callnewh
_set_new_mode

api-ms-win-crt-math-l1-1-0

__setusermatherr
log2
ceil
floor
pow
modf

api-ms-win-crt-string-l1-1-0

strcmp
strcpy_s
_wcsicmp
wcsncmp

api-ms-win-crt-runtime-l1-1-0

_exit
_initterm_e
_cexit
exit
__p___wargv
__p___argc
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_configure_wide_argv
abort
terminate
_set_app_type
_seh_filter_exe
_register_thread_local_exe_atexit_callback
_c_exit

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

DotNetRuntimeDebugHeader

Sections

.text
Size: 741KB - Virtual size: 740KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.managed
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 322KB - Virtual size: 420KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 291KB - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
resources/app/node_modules.asar.unpacked/vscode-encrypt/build/Release/vscode-encrypt-native.node
.dll windows:6 windows x64

5143c049bab980f040d7876b47c71d97

Code Sign

33:00:00:03:4d:4e:91:a6:1a:28:b0:78:8f:00:00:00:00:03:4d
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/03/2023, 18:43

Not After

14/03/2024, 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:20:c4:ff:6e:e8:4f:21:97:a8:94:0d:46:e5:ac:ea:1c:62:dd:b8:2b:60:20:3c:4c:eb:34:76:aa:db:4c:59
Signer

Actual PE Digest

0f:20:c4:ff:6e:e8:4f:21:97:a8:94:0d:46:e5:ac:ea:1c:62:dd:b8:2b:60:20:3c:4c:eb:34:76:aa:db:4c:59

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

VirtualQuery
LoadLibraryExA
LocalFree
GetLastError
LocalAlloc
GetCommandLineW
GetModuleHandleA
VirtualProtect
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetProcessHeap
GetStringTypeW
SetFilePointerEx
SetStdHandle
HeapSize
HeapReAlloc
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
CloseHandle
CreateFileW
WriteConsoleW
GetSystemInfo

advapi32

CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext

shell32

CommandLineToArgvW

crypt32

CryptMsgGetParam
CryptUnprotectData
CryptProtectData
CryptStringToBinaryA
CryptQueryObject
CryptBinaryToStringA
CryptMsgClose

Sections

.text
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
resources/app/node_modules.asar.unpacked/vscode-oniguruma/release/onig.wasm
resources/app/node_modules.asar.unpacked/vsda/build/Release/vsda.node
.dll windows:6 windows x64

5c455e0c30d882bd4053b8565fb00a8a

Code Sign

33:00:00:03:4d:4e:91:a6:1a:28:b0:78:8f:00:00:00:00:03:4d
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/03/2023, 18:43

Not After

14/03/2024, 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a9:0c:39:d9:e0:41:e3:f9:e2:ea:6b:7a:51:25:0c:42:77:96:8e:91:1c:b4:d1:ae:cd:fd:6f:91:53:fb:f3:e2
Signer

Actual PE Digest

a9:0c:39:d9:e0:41:e3:f9:e2:ea:6b:7a:51:25:0c:42:77:96:8e:91:1c:b4:d1:ae:cd:fd:6f:91:53:fb:f3:e2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
LoadLibraryExA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
GetStringTypeW
GetCPInfo
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
GetStdHandle
GetFileType
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
HeapReAlloc
SetFilePointerEx
SetStdHandle
HeapSize
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
CloseHandle
CreateFileW
WriteConsoleW
GetSystemInfo
VirtualProtect
VirtualQuery

Sections

.text
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
resources/app/node_modules.asar.unpacked/vsda/rust/web/vsda_bg.wasm
resources/app/node_modules.asar.unpacked/windows-foreground-love/build/Release/foreground_love.node
.dll windows:6 windows x64

d64a7a51d124bdfdf765a359b6a97d91

Code Sign

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/03/2023, 18:43

Not After

14/03/2024, 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c0:fe:42:49:0a:f3:e9:5c:5d:ed:47:e0:c2:e8:17:1d:90:25:01:e4:60:0d:70:4d:11:0b:e6:a9:5c:9d:c4:5c
Signer

Actual PE Digest

c0:fe:42:49:0a:f3:e9:5c:5d:ed:47:e0:c2:e8:17:1d:90:25:01:e4:60:0d:70:4d:11:0b:e6:a9:5c:9d:c4:5c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
LoadLibraryExA
VirtualQuery
VirtualProtect
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW
GetSystemInfo

user32

AllowSetForegroundWindow

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
resources/app/out/bootstrap-amd.js
.js
resources/app/out/bootstrap-fork.js
.js
resources/app/out/bootstrap-node.js
.js
resources/app/out/bootstrap-window.js
.js
resources/app/out/bootstrap.js
.js
resources/app/out/cli.js
.js
resources/app/out/main.js
.js
resources/app/out/nls.metadata.json
resources/app/out/vs/base/browser/ui/codicons/codicon/codicon-modifiers.css
resources/app/out/vs/base/browser/ui/codicons/codicon/codicon.css
resources/app/out/vs/base/browser/ui/codicons/codicon/codicon.ttf
resources/app/out/vs/base/common/performance.js
.js
resources/app/out/vs/base/common/worker/simpleWorker.js
.js
resources/app/out/vs/base/common/worker/simpleWorker.nls.js
resources/app/out/vs/base/node/cpuUsage.sh
.sh .js linux
resources/app/out/vs/base/node/ps.sh
.sh linux
resources/app/out/vs/base/node/terminateProcess.sh
.sh linux
resources/app/out/vs/base/parts/sandbox/electron-sandbox/preload.js
.js
resources/app/out/vs/base/worker/workerMain.js
.js
resources/app/out/vs/code/electron-main/main.js
.js
resources/app/out/vs/code/electron-main/main.nls.js
resources/app/out/vs/code/electron-sandbox/issue/issueReporter.html
resources/app/out/vs/code/electron-sandbox/issue/issueReporter.js
.js
resources/app/out/vs/code/electron-sandbox/issue/issueReporterMain.css
resources/app/out/vs/code/electron-sandbox/issue/issueReporterMain.js
.js
resources/app/out/vs/code/electron-sandbox/issue/issueReporterMain.nls.js
resources/app/out/vs/code/electron-sandbox/processExplorer/processExplorer.html
resources/app/out/vs/code/electron-sandbox/processExplorer/processExplorer.js
.js
resources/app/out/vs/code/electron-sandbox/processExplorer/processExplorerMain.css
resources/app/out/vs/code/electron-sandbox/processExplorer/processExplorerMain.js
.js
resources/app/out/vs/code/electron-sandbox/processExplorer/processExplorerMain.nls.js
resources/app/out/vs/code/electron-sandbox/workbench/workbench.html
resources/app/out/vs/code/electron-sandbox/workbench/workbench.js
.js
resources/app/out/vs/code/node/cli.js
.js
resources/app/out/vs/code/node/cli.nls.js
resources/app/out/vs/code/node/cliProcessMain.js
.js
resources/app/out/vs/code/node/cliProcessMain.nls.js
resources/app/out/vs/code/node/sharedProcess/sharedProcessMain.js
.js
resources/app/out/vs/code/node/sharedProcess/sharedProcessMain.nls.js
resources/app/out/vs/editor/common/services/editorSimpleWorker.nls.js
resources/app/out/vs/loader.js
.js
resources/app/out/vs/platform/audioCues/browser/media/break.mp3
resources/app/out/vs/platform/audioCues/browser/media/chatRequestSent.mp3
resources/app/out/vs/platform/audioCues/browser/media/chatResponsePending.mp3
resources/app/out/vs/platform/audioCues/browser/media/chatResponseReceived1.mp3
resources/app/out/vs/platform/audioCues/browser/media/chatResponseReceived2.mp3
resources/app/out/vs/platform/audioCues/browser/media/chatResponseReceived3.mp3
resources/app/out/vs/platform/audioCues/browser/media/chatResponseReceived4.mp3
resources/app/out/vs/platform/audioCues/browser/media/diffLineDeleted.mp3
resources/app/out/vs/platform/audioCues/browser/media/diffLineInserted.mp3
resources/app/out/vs/platform/audioCues/browser/media/diffLineModified.mp3
resources/app/out/vs/platform/audioCues/browser/media/error.mp3
resources/app/out/vs/platform/audioCues/browser/media/foldedAreas.mp3
resources/app/out/vs/platform/audioCues/browser/media/quickFixes.mp3
resources/app/out/vs/platform/audioCues/browser/media/taskCompleted.mp3
resources/app/out/vs/platform/audioCues/browser/media/taskFailed.mp3
resources/app/out/vs/platform/audioCues/browser/media/terminalBell.mp3
resources/app/out/vs/platform/audioCues/browser/media/warning.mp3
resources/app/out/vs/platform/files/node/watcher/watcherMain.js
.js
resources/app/out/vs/platform/files/node/watcher/watcherMain.nls.js
resources/app/out/vs/platform/profiling/electron-sandbox/profileAnalysisWorker.js
.js
resources/app/out/vs/platform/terminal/node/ptyHostMain.js
.js
resources/app/out/vs/platform/terminal/node/ptyHostMain.nls.js
resources/app/out/vs/workbench/api/node/extensionHostProcess.js
.js
resources/app/out/vs/workbench/api/node/extensionHostProcess.nls.js
resources/app/out/vs/workbench/api/worker/extensionHostWorker.js
.js
resources/app/out/vs/workbench/api/worker/extensionHostWorker.nls.js
resources/app/out/vs/workbench/browser/parts/editor/media/back-tb.png
.png
resources/app/out/vs/workbench/browser/parts/editor/media/forward-tb.png
.png
resources/app/out/vs/workbench/contrib/debug/browser/media/continue-tb.png
.png
resources/app/out/vs/workbench/contrib/debug/browser/media/pause-tb.png
.png
resources/app/out/vs/workbench/contrib/debug/browser/media/restart-tb.png
.png
resources/app/out/vs/workbench/contrib/debug/browser/media/run-with-debugging-tb.png
.png
resources/app/out/vs/workbench/contrib/debug/browser/media/stepinto-tb.png
.png
resources/app/out/vs/workbench/contrib/debug/browser/media/stepout-tb.png
.png
resources/app/out/vs/workbench/contrib/debug/browser/media/stepover-tb.png
.png
resources/app/out/vs/workbench/contrib/debug/browser/media/stop-tb.png
.png
resources/app/out/vs/workbench/contrib/debug/node/telemetryApp.js
.js
resources/app/out/vs/workbench/contrib/debug/node/telemetryApp.nls.js
resources/app/out/vs/workbench/contrib/extensions/browser/media/language-icon.svg
resources/app/out/vs/workbench/contrib/extensions/browser/media/theme-icon.png
.png
resources/app/out/vs/workbench/contrib/externalTerminal/node/TerminalHelper.scpt
.scpt macos
resources/app/out/vs/workbench/contrib/externalTerminal/node/iTermHelper.scpt
.scpt macos
resources/app/out/vs/workbench/contrib/notebook/common/services/notebookSimpleWorker.js
.js
resources/app/out/vs/workbench/contrib/notebook/common/services/notebookSimpleWorker.nls.js
resources/app/out/vs/workbench/contrib/output/common/outputLinkComputer.js
.js
resources/app/out/vs/workbench/contrib/terminal/browser/media/fish_xdg_data/fish/vendor_conf.d/shellIntegration.fish
.vbs
resources/app/out/vs/workbench/contrib/terminal/browser/media/shellIntegration-bash.sh
resources/app/out/vs/workbench/contrib/terminal/browser/media/shellIntegration-env.zsh
resources/app/out/vs/workbench/contrib/terminal/browser/media/shellIntegration-login.zsh
resources/app/out/vs/workbench/contrib/terminal/browser/media/shellIntegration-profile.zsh
resources/app/out/vs/workbench/contrib/terminal/browser/media/shellIntegration-rc.zsh
resources/app/out/vs/workbench/contrib/terminal/browser/media/shellIntegration.ps1
.ps1
resources/app/out/vs/workbench/contrib/webview/browser/pre/fake.html
.html
resources/app/out/vs/workbench/contrib/webview/browser/pre/index-no-csp.html
.html .js
resources/app/out/vs/workbench/contrib/webview/browser/pre/index.html
.html .js
resources/app/out/vs/workbench/contrib/webview/browser/pre/service-worker.js
.js
resources/app/out/vs/workbench/contrib/welcomeGettingStarted/common/copilotStep.png
.png
resources/app/out/vs/workbench/contrib/welcomeGettingStarted/common/media/commandPalette.svg
resources/app/out/vs/workbench/contrib/welcomeGettingStarted/common/media/dark-hc.png
.png
resources/app/out/vs/workbench/contrib/welcomeGettingStarted/common/media/dark.png
.png
resources/app/out/vs/workbench/contrib/welcomeGettingStarted/common/media/debug.svg
resources/app/out/vs/workbench/contrib/welcomeGettingStarted/common/media/extensions-web.svg
resources/app/out/vs/workbench/contrib/welcomeGettingStarted/common/media/extensions.svg
resources/app/out/vs/workbench/contrib/welcomeGettingStarted/common/media/git.svg
resources/app/out/vs/workbench/contrib/welcomeGettingStarted/common/media/interactivePlayground.svg
resources/app/out/vs/workbench/contrib/welcomeGettingStarted/common/media/languages.svg
resources/app/out/vs/workbench/contrib/welcomeGettingStarted/common/media/learn.svg
resources/app/out/vs/workbench/contrib/welcomeGettingStarted/common/media/light-hc.png
.png
resources/app/out/vs/workbench/contrib/welcomeGettingStarted/common/media/light.png
.png
resources/app/out/vs/workbench/contrib/welcomeGettingStarted/common/media/menuBar.svg
resources/app/out/vs/workbench/contrib/welcomeGettingStarted/common/media/notebookThemes/colab.png
.png
resources/app/out/vs/workbench/contrib/welcomeGettingStarted/common/media/notebookThemes/default.png
.png
resources/app/out/vs/workbench/contrib/welcomeGettingStarted/common/media/notebookThemes/jupyter.png
.png
resources/app/out/vs/workbench/contrib/welcomeGettingStarted/common/media/openFolder.svg
resources/app/out/vs/workbench/contrib/welcomeGettingStarted/common/media/profiles.svg
resources/app/out/vs/workbench/contrib/welcomeGettingStarted/common/media/runTask.svg
resources/app/out/vs/workbench/contrib/welcomeGettingStarted/common/media/search.svg
resources/app/out/vs/workbench/contrib/welcomeGettingStarted/common/media/settings.svg
resources/app/out/vs/workbench/contrib/welcomeGettingStarted/common/media/settingsSync.svg
resources/app/out/vs/workbench/contrib/welcomeGettingStarted/common/media/shortcuts.svg
resources/app/out/vs/workbench/contrib/welcomeGettingStarted/common/media/sideBySide.svg
resources/app/out/vs/workbench/contrib/welcomeGettingStarted/common/media/terminal.svg
resources/app/out/vs/workbench/contrib/welcomeGettingStarted/common/media/workspaceTrust.svg
resources/app/out/vs/workbench/services/extensionManagement/common/media/defaultIcon.png
.png
resources/app/out/vs/workbench/services/extensions/worker/webWorkerExtensionHostIframe.html
.html .js
resources/app/out/vs/workbench/services/languageDetection/browser/languageDetectionSimpleWorker.js
.js
resources/app/out/vs/workbench/services/search/worker/localFileSearch.js
.js
resources/app/out/vs/workbench/services/textMate/browser/backgroundTokenization/worker/textMateTokenizationWorker.worker.js
.js
resources/app/out/vs/workbench/workbench.desktop.main.css
resources/app/out/vs/workbench/workbench.desktop.main.js
.js
resources/app/out/vs/workbench/workbench.desktop.main.nls.js
resources/app/out/vscode-dts/vscode.d.ts
.js
resources/app/package.json
resources/app/product.json
resources/app/resources/win32/bower.ico
resources/app/resources/win32/c.ico
resources/app/resources/win32/code_150x150.png
.png
resources/app/resources/win32/code_70x70.png
.png
resources/app/resources/win32/config.ico
resources/app/resources/win32/cpp.ico
resources/app/resources/win32/csharp.ico
resources/app/resources/win32/css.ico
resources/app/resources/win32/default.ico
resources/app/resources/win32/go.ico
resources/app/resources/win32/html.ico
resources/app/resources/win32/jade.ico
resources/app/resources/win32/java.ico
resources/app/resources/win32/javascript.ico
resources/app/resources/win32/json.ico
resources/app/resources/win32/less.ico
resources/app/resources/win32/markdown.ico
resources/app/resources/win32/php.ico
resources/app/resources/win32/powershell.ico
resources/app/resources/win32/python.ico
resources/app/resources/win32/react.ico
resources/app/resources/win32/ruby.ico
resources/app/resources/win32/sass.ico
resources/app/resources/win32/shell.ico
resources/app/resources/win32/sql.ico
resources/app/resources/win32/typescript.ico
resources/app/resources/win32/vue.ico
resources/app/resources/win32/xml.ico
resources/app/resources/win32/yaml.ico
resources/app/telemetry-core.json
resources/app/telemetry-extensions.json

Resubmissions

Sharing

General

Malware Config

Signatures

Files

b34f154ec913d2d2c435cbd644e91687

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 1KB - Virtual size: 451KB

.ndata Size: - Virtual size: 576KB

.rsrc Size: 28KB - Virtual size: 27KB

5d042a8a3e480c6a0484f3dd812cc6f8

Code Sign

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4eCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

55:59:64:57:fb:5c:1c:5f:b4:fb:50:36:02:de:ed:10:f9:92:62:8e:ca:86:f7:5f:22:0f:8a:31:e0:46:0c:9cSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 388KB - Virtual size: 388KB

.rdata Size: 108KB - Virtual size: 107KB

.data Size: 5KB - Virtual size: 12KB

.pdata Size: 19KB - Virtual size: 19KB

_RDATA Size: 512B - Virtual size: 252B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

f60f3617329222ba678fde8c79d6fb13

Code Sign

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4eCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

8c:73:f4:fa:aa:a9:b1:ba:f0:74:d5:1e:8b:d3:e1:f4:59:a5:af:5c:95:55:93:93:aa:74:fa:89:7b:8c:b2:12Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

userenv

Sections

.text Size: 92KB - Virtual size: 91KB

.rdata Size: 47KB - Virtual size: 47KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 6KB - Virtual size: 6KB

.didat Size: 512B - Virtual size: 352B

_RDATA Size: 512B - Virtual size: 384B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

d511fbbbc6bcb67324eecc291721cb06

Code Sign

33:00:00:03:4d:4e:91:a6:1a:28:b0:78:8f:00:00:00:00:03:4dCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

1b:9c:21:f1:61:d1:ac:d5:53:92:fe:f0:3f:f8:dd:9c:1b:61:b1:1e:5d:22:d9:a4:20:3b:20:19:3c:0e:b8:64Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 1KB - Virtual size: 451KB

.ndata
Size: - Virtual size: 576KB

.rsrc
Size: 28KB - Virtual size: 27KB

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

55:59:64:57:fb:5c:1c:5f:b4:fb:50:36:02:de:ed:10:f9:92:62:8e:ca:86:f7:5f:22:0f:8a:31:e0:46:0c:9c
Signer

.text
Size: 388KB - Virtual size: 388KB

.rdata
Size: 108KB - Virtual size: 107KB

.data
Size: 5KB - Virtual size: 12KB

.pdata
Size: 19KB - Virtual size: 19KB

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

8c:73:f4:fa:aa:a9:b1:ba:f0:74:d5:1e:8b:d3:e1:f4:59:a5:af:5c:95:55:93:93:aa:74:fa:89:7b:8c:b2:12
Signer

.text
Size: 92KB - Virtual size: 91KB

.rdata
Size: 47KB - Virtual size: 47KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 6KB - Virtual size: 6KB

.didat
Size: 512B - Virtual size: 352B

_RDATA
Size: 512B - Virtual size: 384B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

33:00:00:03:4d:4e:91:a6:1a:28:b0:78:8f:00:00:00:00:03:4d
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

1b:9c:21:f1:61:d1:ac:d5:53:92:fe:f0:3f:f8:dd:9c:1b:61:b1:1e:5d:22:d9:a4:20:3b:20:19:3c:0e:b8:64
Signer

.text
Size: 3.0MB - Virtual size: 3.0MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 4KB - Virtual size: 9KB

.pdata
Size: 124KB - Virtual size: 124KB

_RDATA
Size: 512B - Virtual size: 348B

.reloc
Size: 25KB - Virtual size: 25KB

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

a1:48:92:fd:2a:35:3e:1a:27:eb:dd:47:b3:12:07:87:7a:94:b8:aa:5b:b0:33:db:76:e9:8f:16:54:7d:3e:29
Signer

.text
Size: 400KB - Virtual size: 400KB

.rdata
Size: 114KB - Virtual size: 113KB

.data
Size: 5KB - Virtual size: 12KB

.pdata
Size: 21KB - Virtual size: 20KB

.didat
Size: 512B - Virtual size: 360B

_RDATA
Size: 512B - Virtual size: 384B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

3b:24:4b:67:63:b3:74:7a:91:2e:c4:de:c4:1d:f6:3c:68:ce:50:1a:f0:d3:2e:ee:c9:2f:96:96:24:a5:ea:92
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 230KB - Virtual size: 229KB

.data
Size: 18KB - Virtual size: 24KB

.pdata
Size: 56KB - Virtual size: 55KB

.didat
Size: 1024B - Virtual size: 584B

_RDATA
Size: 512B - Virtual size: 384B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

6b:85:44:f0:63:78:cf:4e:44:d1:5d:24:ed:0a:54:19:34:44:49:ce:ae:8a:11:7f:73:ad:0a:a2:35:c5:1b:28
Signer

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 42KB - Virtual size: 41KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 5KB - Virtual size: 4KB